Individuals and organizations are using an increasing number of applications and services, and rely on, create and store increasing amounts of data. Maintaining on-premises data servers to host these applications and services and to store these data can be burdensome. Computing resource providers, including web-services providers, for example, may ease this burden by providing off-premises managed directory services. In some conventional implementations, such services include a system that stores, organizes, and provides access to information in a computer operating system's directory. The system can be implemented by a centrally-managed data server that is located remotely (relative to the organization/user). The centrally-managed data server may provide access to the managed directory service via a network, for example, the Internet, using network-enabled client devices associated with the individual/organization. Such a system provides a directory service without having to install or maintain the infrastructure otherwise required used to implement the directory service on-premises.
Using such a centrally-managed data server may require additional security features. For example, it may be important to ensure that the directories are accessed only by authorized users. One approach to this enhanced security has been to provide users with passwords that are authenticated by the managed directory service. In some conventional systems, this authentication is required multiple times for the same client device. For example, a user may be required to enter credentials, such as a password once upon accessing a directory through a hosted service or application (for example, through a virtual desktop) and again upon accessing a directory (even the same directory) directly over a network connection. This entry and re-entry of credentials provides an added security feature, but may be undesirable to a user, specifically when the user has not changed machines.